Best of Technical Support
I have installed ntpd on Red Hat 8, and it runs but does not appear to do anything. The log file indicates it is starting up, but after a few minutes, it displays the following message:
kernel time discipline status change 41
After that, nothing else is written to the log file. What does the
kernel time discipline message mean? How can I tell if ntp actually is
updating my system clock? If it isn't doing updates, how can I get
it to work properly?
To check if ntpd, the Network Time Protocol dæmon,
is working correctly, type ntptrace localhost
to see where your system is getting its time and
where its upstream time server is getting its time.
To be polite, don't set up ntpd to use a heavily
loaded public time server—your ISP or local
Linux user group should be able to give you access
to a server that is close to you.
Here are a few things to check. First, ntpd will not synchronize time
differences greater than one hour, so use ntpdate first to get your
clock in range. Second, make sure you have not configured ntpd to
use multicast/broadcast client functionality unless you have a time
server on your local network. Third, if you are running a recent
version of ntp make sure you have a restrict parameter in your
configuration file for each time server you use, as newer versions
are much more security-aware. Finally, use the ntpq tool and the
assoc command to verify that ntpd is running properly.
My wife's computer is inside a LAN and accesses the Internet through
a proxy (no other connections are allowed, only WWW). As we are working
on a common project, I need her to connect to some of our internal sites
that are accessible only through another proxy.
The situation is this:
my wife's computer→proxy1→Internet→proxy2→internal sites.
In that scheme, I have full control on proxy2 (a Debian box running squid).
Any ideas about how to do this?
Mauro A. Cremonini
If you are running the Squid proxy, cache_peer and other settings
allow you to daisy-chain proxy servers together. You need to establish
a cache_host entry that defines the internal sites as described above
and a dstdomain ACL entry for the internal sites that forces them to
be accessed through proxy2. Squid is a powerful proxy server, and you can slice and dice your
traffic management a number of different ways. For more tips and
tricks, see the Squid FAQ at www.squid-cache.org/Doc/FAQ/FAQ.html.
If you aren't running a Web server on proxy2's port 80, you can run rinetd to forward connections from it to a system on your internal network (www.boutell.com/rinetd). For security, though, the best thing would be to ask your wife's network administrator to open up their firewall for outgoing SSH. Then, give her a shell account on proxy2 so that she can tunnel in with the following:
ssh -N -L 8080:internal:80 proxy2
Here's an explanation of the ssh command-line options above: -N, don't start a shell; -L, forward a local port; 8080, port on which to accept connections on localhost; internal, host to which to forward connections; 80, port to which to forward connections; and proxy2, host to which to make the SSH connection.
Then, she simply can point her browser at
localhost:8080 and get to your internal server,
and you don't have to open up anything except
incoming SSH to your proxy.
I'm trying to port some Windows applications to Linux (Red Hat 7.3
and 9), and I need to find a replacement method for my current printing
mechanism. The current printing process goes like this:
1) The application opens LPT8: for write as a file. LPT8: is a Windows
device, not a real physical port. Data (plain ASCII text) is written to
the device. When done, the device is closed.
2) LPT8: is captured by a Novell Netware capture program so that
anything written to LPT8: winds up in a Novell Netware printer queue.
3) The Novell Netware server sends the data to a barcode printer. The
printer is attached to the network using one of those little AXIS
print servers that can handle multiple protocols including Novell
NPRINTER and lpd.
I want to know if there is any way to keep the basic operation of
the program the same: open a file/device, write to it, close it.
Everything else that needs to happen occurs in the background.
I can see doing this using calls to external programs: create a temp
file with the data, then pass the file to a printing program like lpr.
This is a bit more complicated but will work if the first method doesn't.
Or, one could create a temp file and put a watch on the temp directory
to grab any files there. The user expects near instantaneous response,
The Novell Netware server is going to be replaced by a Linux box
eventually. The Windows machines will use Samba for their printers. I
haven't decided on which printing system to use yet, probably CUPS.
The programs are written in Delphi/Kylix Object Pascal. Any hints on
where I should start looking?
This can be easy or difficult depending on what you are willing to do. The
solution you referenced above that involves the creation of a temporary
file actually is the easiest solution. You can use the tmpnam() function
to obtain a unique filename to ensure your process won't conflict with
any others. This concept keeps you within the open-file, write-file,
close-file work flow you described above, and you shouldn't require an
external program to do this work.
If your program was structured such that it always
created a temporary file and called out to a
configurable command, it would remain portable. On
a Windows box one could use a copy command to
dump the file to LPT8:, and on a Linux box one could
use the lpr command. This would make your program
I installed Red Hat 9 on a Dell Inspiron 1100 laptop. It
appears that no power-management support was installed (this is an ACPI
machine, not APM). A few Web sites have reported success with this
system, except for ACPI.
I tend to stick with Red Hat standard releases because I rely on my
laptop for everyday use (I use it 6–8 hours a day for teaching). I
experiment on my working system.
What is the impact of not including ACPI support? Do I run the risk of
damaging the CPU without it, or can I live without it (at least for a
while)? Can you point me to a how-to about ACPI and Linux?
Running with ACPI enabled will not harm your system unless you are
overclocking or doing some other activity that relies on the alerts ACPI
would provide. In a laptop environment this is extremely unlikely.
However, you may not see the same battery lifetimes without ACPI, because
that is the same module used to identify whether the system is running on
AC or battery, to scale the speed of the CPU and so forth.
For more information on ACPI, consult the ACPI-HOWTO in the Linux
Documentation Project (LDP): www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/ACPI-HOWTO.html.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Humble Hacker?
- The Death of RoboVM
- Why Python?
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- On Your Marks, Get Set...Gutsy Gibbon!
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide